If you have a hacked website then trying to find vulnerabilities in the plugins you use is not the way to determine how the website has been backed, instead the evidence from the hack and the relevant logging should be scrutinized. Our hack cleanup service for WordPress websites includes doing that, as well as a lifetime subscription to this service.

On Friday we noted that the moderators of the WordPress Support Forum were getting in the way of people trying to discuss dealing with being hacked due to a vulnerability that had been in the plugin WP Live Chat Support. Looking again yesterday showed that has continued. Here is one topic that was closed without explanation why that even happened. With another one, it was closed due to someone mentioning they were using a pro version of the plugin, that is even though the issue the person was bringing up was caused by the vulnerability being exploited, which has nothing to do with a pro version. Someone could have pointed that out to the moderator that closed it, if they hadn’t closed the topic (not surprisingly the problematic moderator there was once again Jan Dembowski).

While we already are far ahead of other companies in keeping up with vulnerabilities in WordPress plugins (amazingly that isn’t an exaggeration), in looking in to how we could get even better we noticed that in a recent instance were a vulnerability was exploited in a plugin, we probably could have warned our customers about the vulnerability even sooner if we had looked at the plugin when it was first closed on the Plugin Directory instead of when the vulnerability was fixed (though as far as we are aware the exploitation started after we had warned our customers of the fix). So we are now monitoring to see if any of the 1,000 most popular plugins are closed on the Plugin Directory and then seeing if it looks like that was due to a vulnerability.

Yesterday Sucuri disclosed a settings change vulnerability that leads to a persistent cross-site scripting (XSS) in the plugin WP Live Chat Support, which was also fixed yesterday. That vulnerability is likely to be exploited soon. As we started looking over things while adding the vulnerabilities to our data set yesterday, so we could warn the customers of our service if they are using an impacted versions, we found that there are multiple additional security issues caused in part the same security issue that was partially fixed (yes, even the vulnerability fixed, was only actually partially fixed). There is, for example, another setting change vulnerability, though one that doesn’t look to lead to a more serious vulnerability. What stood out more for the seriousness, but also what type of functionality the vulnerability is in, is an information disclosure vulnerability that exposes chat logs and meta data related to those chats to anyone, which occurs through General Data Protection Regulation (GDPR) functionality. So functionality related to data protection does the opposite.

This post provides the details of a vulnerability in the WordPress plugin WP Live Chat Support not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to customers of that service. If you are not currently a customer, you can sign up for free here and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

This post provides the details of a vulnerability in the WordPress plugin WP Live Chat Support not discovered by us, where the discoverer hadn’t provided the details needed for us to confirm the vulnerability while we were adding it to the data set for our service, so its contents are limited to customers of that service. If you are not currently a customer, you can sign up for free here and then you can view the contents of the post. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.